
2/17/06 How does antispyware work?

Feb 16, 2006 6:43AM PST
Question:

Hey, CNET members! I am completely new to antispyware programs, and I would like to install one. However, I have no idea how these programs work. Do they work like my antivirus app? How do they know which files are good and which ones are bad? Do the programs need updating? I'd also like to know how to install these programs, if possible. Thank you very much.

Submitted by: Silvana L.

*******************************************************

Answer:


Silvana,

Antispyware programs are a lot like antivirus applications:

- Both essentially consist of a scanning engine that relies on signature files (also known as definitions or fingerprints) to detect spyware and adware.
- Once a scan detects potentially harmful files, the antivirus or antispyware software will either ask you how it should handle the detections or remove or quarantine them automatically.
- More comprehensive antispyware applications offer real-time protection akin to what antivirus programs offer. Real-time protection monitors critical checkpoints in Windows. Antispyware software is designed to prevent the installation of both spyware and adware, in a manner similar to how antivirus protection blocks viruses, worms, and Trojans from installing.
- Your antivirus and antispyware software - and by extension, the protection they offer - is only as good as their latest definitions. These types of programs need constant updating. The frequency of new signature (and software) updates varies with the manufacturer, but it can be as often as every few days for antispyware signatures.
- Like antivirus software, some of the more comprehensive antispyware scanning engines use heuristic (rules-based) technology to detect new and unknown threats for which signatures are yet to be released.
- Free versions of well-regarded programs are available. However, these usually have fewer features and/or limited capabilities than their for-sale counterparts.
- Antivirus and antispyware applications are now commonly bundled with firewalls and other privacy tools as part of security suites.
- Both antispyware and antivirus software are relatively simple to use.

There is one HUGE difference between antivirus and antispyware software (at least for the purpose of this discussion):

- Antispyware software, as a group, does not come close to matching the performance and track record of antivirus applications. For instance, venerable products like Norton Antivirus and McAfee Viruscan block and/or remove nearly every virus they are expected to protect against. (And their heuristic technology helps protect against unknown quantities!). By contrast, the best antispyware programs have a success rate of approximately 75%. That means they still allow an awful lot of nasties to get through!

The mediocre performance is a testament to the creativity and persistence of the folks creating spyware. But it also betrays the absence of reference standards that can be applied across the board, facilitating the comparison of products from different manufacturers and the creation of a unified front in the war against spyware.

Because even the best antispyware program only protects against roughly three-quarters of known threats, many security experts recommend installing two or three antispyware applications, with one of them providing real-time protection. The thinking behind this strategy is that spyware "getting by" one application might be detected by the other.

Fortunately, this is another area where antivirus and antispyware software differ: While running more than one antivirus (or firewall) program at a time is a recipe for trouble, the same is not true for antispyware applications. In my experience, you can run multiple programs with real-time protection without conflict, or even a noticeable degradation in your computer's performance.

So which antispyware programs should you consider? I strongly recommend the following three:


1. Spybot Search & Destroy (http://www.safer-networking.org/en/index.html)

Well-respected, user-friendly program. Spybot S&D features a built-in tutorial that is a godsend for anyone new to the antispyware game. You can also configure it to check for updates automatically. Real-time protection is available through its Immunize function. New signatures usually released every Friday. Free download.


2. Ad-Aware SE Personal (http://www.lavasoftusa.com/software/adaware/)

Another free download. Excellent in detecting and removing tracking cookies. A post-scan summary provides descriptions of threats found, their location in your computer, and their relative risk rating. Like Spybot S&D, Ad-Aware SE boasts an excellent help file that gets you up to speed in no time. On the down side, real-time protection and automatic updates require upgrading to Ad-Aware Plus, which costs $27. (But you can always configure the free version of Ad-Aware to remind you to check for updates manually!) Lavasoft releases new signatures frequently, often every few days.


3. Windows Defender (Beta 2) (http://www.microsoft.com/athome/security/spyware/software/default.mspx)

The folks in Redmond decided to show Windows users some love by releasing this new and updated version of Windows AntiSpyware Beta 2 on Valentine's Day. (Easier than sending boxes of chocolates via Automatic Updates, I suppose.)

Like Spybot S&D, Windows Defender offers real-time protection and automatic updates. In its present incarnation, this program does not scan for tracking cookies, though the capability will be added later on. (Beta programs are "works in progress," and as such might have some bugs and odd features. Overall, Windows Defender is stable enough to be recommended even in its beta stage.)

Windows Defender excels in recognizing and blocking program attempts to change settings, edit the Windows registry, or add items to startup. As such, it complements Spybot S&D and Ad-Aware SE quite well.


You undoubtedly realized that all three of my suggestions are free programs. There are other worthy antispyware utilities available, and most of them cost about $30 a year. The latest issue of PC Magazine reviews nine of them. If you are interested, you can read their findings on their website:

http://www.pcmag.com/article2/0,1895,1916810,00.asp

But before you part with your money, consider the following:

1. Given the lackluster performance of antispyware programs as a group, there is little reason to pay for something that will offer little or no extra protection relative to the free utilities. The $30 might buy you speedier scans and improved aesthetics, but hardly any more security. Even PC Magazine recommends that you back up your premium antispyware utility with a freebie, often Spybot S&D;
2. In my experience, the pricier software tends to yield more false positives (items that are not truly spyware) - and even some questionable detections. For example, files identified as "key loggers" might actually be legitimate components that allow you to open a program by clicking on its desktop or taskbar icon. This aggressive scanning might be built in by design, probably to give the impression of better protection. Because the files in question often have obscure names, it can be challenging to find out their identity, and even quarantining them can lead to problems;
3. As previously mentioned, Spybot S&D, Ad-Aware Plus, and Windows Defender complement each other quite nicely, and without slowing things down or software conflicts.
4. Once you become comfortable with antispyware software, you can always explore other titles to see what suits your needs best.

I should also mention that antispyware software available as part of security suites, personal firewalls (e.g., ZoneAlarm Pro 6) or antivirus software tend to be significantly weaker than their stand-alone counterparts - even the free versions.

Now that you know which programs to consider, you are ready to install them. Fortunately, installing antispyware programs is a breeze.

The first thing to do is to go to the websites listed above (or to that of any software that interests you) and download the installers (also known as setup programs). Alternatively, you can visit Download.com (http://www.download.com/), enter the appropriate program name in the Search Box, and you will be taken to a page from which you can download its installer. The download pages invariably include downloading and installation instructions, tips, and troubleshooting sections or links. The same information can often be found in the Help and Support or FAQ's sections of the manufacturers' websites.

Once the download is complete, close all Windows applications (e.g., Internet Explorer and/or Firefox windows, instant messengers, etc., but NOT your firewall or your antivirus), and run the installer. A wizard will guide you through the installation and configuration process, and your antispyware program will be up and running in no time. (If you can point and click, you can install virtually any software!) Install one program at a time, and restart your computer before installing the next one.

(You can always download and save several installers to your desktop, then run them one by one at your convenience. You need not install all three programs right away. Installing one program at a time facilitates troubleshooting in case problems arise from a bad installation or corrupted files. If something doesn't seem right, uninstall the program using the Windows Add or Remove Programs utility found within your Control Panel, download a fresh copy of the installer, and repeat the installation.)

It is imperative that you check for the latest updates immediately after installing an antispyware program. In all likelihood, the installation wizard will ask you to do so, and will also ask you to perform an initial scan of your computer. At this point in time, a "deep" scan is preferable to a "quick" one, though you can always run the more comprehensive scan at your convenience. Realize, however, that a deep scan might take considerable time - often an hour or longer. (Windows Defender's "quick scan" is anything but!)

While the scan is running, read the section in the help files (or tutorial) that discusses your first scan and the interpretation of its results. Make sure you understand what the results of a scan mean before deleting anything.

Understand, the information provided by scan summaries sometimes makes it very hard to make informed decisions about removal of cryptically named files. When in doubt, quarantine rather than delete, even if the recommended or default action is to remove the file. This will allow you to restore any files that might have been incorrectly identified as spyware. You can always use Google to find out more about mysterious detections, or check the antispyware program's website for more detailed information. With time, you will recognize the type of detections that truly require immediate attention.

Once the initial scan is completed, go over the program's settings (if you didn't do so during setup) to set preferences, schedule automated scans and update checks, if applicable. You're done!

It is a good idea to scan your computer for spyware a few times a week. My personal preference is to let Spybot S&D and Windows Defender handle real-time protection silently, and run Ad-Aware Plus manually a few times a week to remove tracking cookies. And whenever new signature files are installed for a program, I run a quick scan.

It won't hurt to perform a more thorough scan from time to time, or if you suspect your computer to have been at a higher risk for spyware exposure (e.g., P2P downloads, downloading free screen savers, someone navigating to casino websites or "adult" areas of the web.)

Lastly, if you notice that a program's signatures have not been updated for a relatively long time, check the program's website for a new version of the software. One thing I have noticed with antispyware programs is that their automatic updates feature often fails to detect program upgrades. It will keep telling you that your definitions are up to date or that there are no new ones available. In the case of Ad-Aware, the Checking for Updates dialog box will alert you of a new program version in the "News" section, but the alert is easy to miss.

Hope this helps!

Miguel K.


P.S.: Another free antispyware program worth checking out is Tenebril's SpyCatcher Express (http://www.tenebril.com/). SpyCatcher looks very promising, but in its default configuration it tends to quarantine a few files that might cause your computer to freeze during startup. The description of the nature and location of detections is somewhat incomplete, making restoring the right file a challenge. For these reasons, SpyCatcher is not a good choice for someone unfamiliar with antispyware programs. For more experienced users, it is worth a try.

Submitted by: Miguel K. of Columbus, OH
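
The scanning model described in the answer above (signature definitions, heuristic rules for unknown files, and quarantine rather than delete), as an added Python example that is not part of the original post or of any product named in it. Every signature, sample file, rule weight and threshold here is constructed for illustration.

```python
"""Toy signature + heuristic scanner with quarantine and restore."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "definitions": placeholders, not real spyware signatures.
HASH_SIGS = {sha256(b"constructed adware sample v1"): "Adware.Example.A"}
PATTERN_SIGS = {b"CONSTRUCTED-TRACKER-MARKER": "Spyware.Example.B"}
# Heuristic rules (assumed for illustration): (bytes to look for, weight, reason).
HEURISTICS = [
    (b"CurrentVersion\\Run", 2, "references a startup registry key"),
    (b"SetWindowsHookEx", 2, "references an input hook API"),
    (b"http://", 1, "embeds a URL"),
]
HEURISTIC_THRESHOLD = 4

# Constructed sample files; hotkey_helper.bin stands in for a legitimate tool.
SAMPLES = {
    "known.bin": b"constructed adware sample v1",
    "variant.bin": b"repacked build CONSTRUCTED-TRACKER-MARKER",
    "unknown.bin": b"CurrentVersion\\Run SetWindowsHookEx http://example.invalid",
    "hotkey_helper.bin": b"SetWindowsHookEx CurrentVersion\\Run",
    "notes.txt": b"shopping list",
}


def scan_bytes(data, hash_sigs=HASH_SIGS, pattern_sigs=PATTERN_SIGS):
    """Return (verdict, detail): exact hash, then byte pattern, then heuristics."""
    if sha256(data) in hash_sigs:
        return "signature", hash_sigs[sha256(data)]
    for pattern, name in pattern_sigs.items():
        if pattern in data:
            return "signature", name
    hits = [(weight, why) for pat, weight, why in HEURISTICS if pat in data]
    if sum(weight for weight, _ in hits) >= HEURISTIC_THRESHOLD:
        return "heuristic", "; ".join(why for _, why in hits)
    return "clean", ""


def scan_dir(root, **sigs):
    return {p.name: scan_bytes(p.read_bytes(), **sigs)
            for p in sorted(root.iterdir()) if p.is_file()}


def quarantine(path, vault):
    """Move a detection into the vault and record its original location."""
    vault.mkdir(exist_ok=True)
    (vault / (path.name + ".origin")).write_text(str(path))
    return Path(shutil.move(str(path), str(vault / (path.name + ".quarantined"))))


def restore(name, vault):
    """Undo a quarantine, e.g. after deciding a detection was a false positive."""
    record = vault / (name + ".origin")
    origin = Path(record.read_text())
    shutil.move(str(vault / (name + ".quarantined")), str(origin))
    record.unlink()
    return origin


def demo():
    root = Path(tempfile.mkdtemp(prefix="scan-demo-"))
    for name, data in SAMPLES.items():
        (root / name).write_bytes(data)
    results = scan_dir(root)
    # Same files scanned with empty (never updated) definitions.
    stale = scan_dir(root, hash_sigs={}, pattern_sigs={})
    vault = root / "quarantine"
    for name, (verdict, _) in results.items():
        if verdict != "clean":
            quarantine(root / name, vault)
    restored = restore("hotkey_helper.bin", vault)
    return results, stale, restored


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The stand-in for a legitimate tool trips the heuristic threshold just as the unknown sample does, which is why the demo quarantines detections and can put a file back, and the scan with empty definitions misses both signature-only detections.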

2/17/06 How does antispyware work?
Feb 17, 2006 1:10AM PST

An excellent article without doubt. However, I doubt the overall reliability of the "freebie" issues and experience has shown, over many years, that "one gets what you pay for!" For myself, I have found nothing better than "Spy Sweeper" (now at version 4.5.709) and well worth the money. It's amazing how many updates keep coming through - automatically - just as it is with Norton on anti-virus. GEORGE QUIGLEY.

Have my doubts
Feb 17, 2006 1:11AM PST

A nonexpert here who has used a few of the more common and respected AS systems and has found that:

All spyware ends up in my internet temp folders and that simply deleting the contents of same has exactly the same effect as the AS systems. The issue of whether the AS system is real-time or not seems to me to be a/the critical one in my experience.

Don't forget Panda Platinum Internet Security antispyware
Feb 17, 2006 2:01AM PST

In PC Magazine's review of the 2005 product:

"Although the suite doesn't include a dedicated antispyware module, it was more successful in cleaning and blocking spyware than any of the other suites were. In fact, it outperformed all but the best two of the standalone antispyware products we tested."

You can read more about it here:
http://www.pcmag.com/article2/0,1895,1754437,00.asp

I used this
Feb 21, 2006 12:53AM PST

Tried to anyway. It messed up my machine big time, and removing it was worse.

I do not trust things that are recommended by Microsoft.

Another time I used a Microsoft recommended product and it actually put a virus on the machine.

Can't trust anyone I guess.

Try this
Feb 17, 2006 4:16AM PST

One of the top rated this month in PC World is Bit Defender. For years I have been running 3 AV programs Norton, AVG, V-Com's antivirus. I keep them updated and I will run at least 2 a week for a complete check.
I ran Bit Defender on line scan and to my amazement my computer was covered with Trojans and all the little gremlins that I thought were not there.
It disinfected about 6000 files.
So my hat is off to Bit Defender. I now run the on line scan at least once a week. I now am waiting for the anti virus program itself so now I will have 4 anti virus programs on my computer. Besides the two fire walls.
And contrary to popular belief it has not slowed down my computer. That might be because I defrag at least once a week.
So that is basically my two cents on it. For me I believe it is worth the time to run the online scan, just to see where you stand. I also have and did run Ad-aware and Spybot and A squared, but Bit Defender is just plain great.

Actually not very well
Feb 17, 2006 7:49AM PST

Each of even the best anti-spyware programs catches a limited number of infections. Running more than one is a pain.

Solution: Hitman Pro (http://www.hitmanpro.nl/)
Hitman Pro installs the most comprehensive suite of programs, and then runs them - UNATTENDED.

After installation, just open Hitman Pro. Click on START and the program does the rest (including updating the anti-spyware programs prior to running them.) Note: It does take quite a while (over an hour?) to go through the whole set, so run only when you're ready to take a break.

This is freeware (Contributions appreciated.)

Website is in Dutch, but installation in English is available.

Outstanding Reply
Feb 17, 2006 8:01AM PST

And exactly along the lines of my experiences and usage. Congrats on getting it right. I'm a happy online computer user with two download crazy teens because I have learned the hard way exactly what you explained so well in your post. I hope others will benefit as well !!!

But he didn't answer the question!!
Feb 17, 2006 10:23AM PST

Part of the question was, how is an antispyware app different than an antivirus app?

I'm a heavy technophile, professional programmer with 20+ years experience, and old-school hacker, and I have no idea either. In my estimation, spyware IS a virus, and that the only differentiator is what its payload does - "phones home" data found on the host rather than popping up windows with snarky sayings and erasing hard drives. Both are rogue code which replicate from host to host using an attack vector.

So why can't Norton's "superior" engine (which I disagree with BTW - it's buggy and is a CPU hog) detect spyware along with viruses/malware? I would assume it's a marketing ploy for Norton to sell you two products, but I'm not aware of Norton having a spyware product too.

The difference
Feb 20, 2006 12:55PM PST

This is the way I understand it:

The difference is that the goal of a virus is to harm your computer by attacking its software.

Spyware does not harm the computer or any software per se. (The only ''harm'' is that enough of them can slow down your PC to a crawl.) Their goal is to snoop: Check on websites you're visiting, files you're downloading, and as you put it: Phone home - with pertinent results that may allow a spammer to inundate your inbox with ''Special Offers.'' Or just trying to collect data on your habits.

Spyware/adware advice
Feb 17, 2006 10:44AM PST

Silvana,

I am currently a tech support agent for a major computer manufacturer. The way we on our desk see it, as far as an anti-spyware program goes, you get what you pay for.

Sure, Spybot and Ad-aware are fine programs that don't cost anything. I remember reading a study a few weeks ago that measured the effectiveness of anti-spyware programs as a percentage, much as Miguel referred to. He is mistaken when he said the best only remove up to 75%. The top ones in the study were Spyware Doctor, by PC Tools Software (http://www.pctools.com/spyware-doctor/), Spy Sweeper, by Webroot software (http://www.webroot.com/consumer/products/spysweeper/), and CounterSpy, from Sunbelt Software (http://www.sunbelt-software.com/CounterSpy.cfm).

All three of those anti-spyware titles hit that study at 80-85% effectiveness, not the 75% that Miguel suggests. Windows Defender (formerly Microsoft Antispyware) hit that study in the 70-75% range. Spybot and Ad-aware, however, only removed 50% of identified spyware in that study. Also, I have seen in my career as a tech support agent where Spybot and Ad-aware will sometimes inadvertently remove some items that are not spyware and adware, causing people's programs to not work correctly, if at all.

Admittedly, since the face of spyware and adware changes on a daily basis, no one anti-spyware program alone is good enough. I would recommend using any of the above three programs (I use Spy Sweeper personally) on top of Spybot and/or Ad-aware, if you are going to go with one or both of them.

Good luck!

I have to disagree a little.
Feb 17, 2006 3:24PM PST

I too was all for Spysweeper and Spydoctor but there was something wrong with my computer and those didn't get it. It wasn't showing anything being on there. I tried Spybot S&D and AdAware and it did find some spyware and removed it successfully and my computer worked fine again. But I only disagree a little. Different Anti progs are programmed to find different things, it all depends on the signatures and whatnot. So one day there could be a new spyware/adware on the market that Spybot finds yet Spydoctor doesn't, the next day it could be vice versa. There is no DEFINITE one anti prog to use. But as far as I'm concerned, I pay to use the internet, I shouldn't have to pay to keep the bad stuff out of my computer that I bump into on the internet. So I mainly stick with a simple setup of wonderful free programs.

Browser of choice - Mozilla Firefox - It itself has a lot of spyware protection that IE does not provide, by stopping several popups that usually contain spyware, you can also download special extensions for Firefox to stop scripts on webpages unless you know it's a trusted site.

Antivirus of choice - Alwil's AVAST! - wonderful FREE anti-virus that has been proven better than Norton in numerous ways.

Anti spyware of choice - Spybot S&D and AdAware - Both awesome free programs that have kept my computer nice and clean.

Anti-malware of choice - Ewido's security suite - Cause you can't forget about the Malware, Spybot and AdAware are made to stop some malware too but this program is made specifically for it so it drastically catches a lot more than the other 2.

Just an insight,
Maynard

But do they really work?
Feb 18, 2006 2:42AM PST

I use four anti-spyware programmes: Spy Sweeper; Ad-Aware; SpyBot; and Microsoft AntiSpyware Beta, and Spy Sweeper found some stuff the first couple of times I ran it; AdAware always finds something; SpyBot and MS AntiSpyware don't find anything any more, especially after running the others. I honestly believe that having anti-spyware software is just as vital and important as having anti-virus and registry cleaning programmes. I like the comfort of knowing that from intrusive gremlins but the fact that they all find something different or nothing at all raises the question of are they really effective?

Vincent

Antispyware
Feb 17, 2006 12:08PM PST

I like Trend Micro Anti-spyware because it is extremely simple and fast. It is a free program. You can try it by using a search engine to find it, and then decide whether to download it after it runs a free scan for you.

After only one long scan, you can then use the short scans which are very fast and effective. Takes only seconds to use and easy to delete spyware afterwards. I use it once a day after being out on the web.

It also has a feature which clears out temps. and cookies as well. I highly recommend it be added to the list of anti-spyware.

I am also using the new Microsoft Anti-spyware program which updates frequently but is much longer to use.

Bad Experience with Trend
Feb 18, 2006 12:11AM PST

Customer had Trend AV installed on network, SMB version (paid, supposedly business-worthy.) It was correctly installed, updated automatically frequently. Two problems: 1) the program detected spyware but couldn't remove it, and was annoying people again and again with warnings. 2) When we replaced Trend with Symantec AV product, it detected spyware that Trend missed, or couldn't remove, and took care of it.

GREAT ANSWER!
Feb 17, 2006 11:55PM PST

If I had spent four hours I could not have answered more completely. I agree 100% with the recommendations.

anti spy
Feb 18, 2006 7:41AM PST

Most good ISPs like (BT Yahoo) provide anti spy free and update regularly.

You Forgot CounterSpy
Feb 18, 2006 8:39PM PST

Another really good spyware program, which I find tons easier to use than the others (Ad-Ware in particular), is CounterSpy by Sunbelt Software ($15 with a year of updates).

About a year ago (14 months?) it received the editor's choice in a PC World spyware software review article.

I gave it a try and found it so much easier to use and understand than the Ad-Ware and SpyBot products.

I highly recommend giving it a try. (Which is free.)

It's at:
http://www.sunbelt-software.com/CounterSpy.cfm

==========

I appreciate your telling me it is O.K. to use multiple spyware scanners. Since I bought Zone Alarm Internet Security Suite (with spyware) I wasn't sure if I should be running CounterSpy also. Now I definitely will, because it is the best program I've used to deal with Spyware.

Good article.

CGB

Show of appreciation to this post (community news letter)
Feb 19, 2006 1:59AM PST

I read this post and it is very educating with the start of Miguel in his constructive comments and experience. This we all appreciate I'm sure, and the very welcome warm good faith and concern who made it possible today to look out for in the best interest of all of us amen. Please continue sowing these seeds of good knowledge and wisdom you have rightly won my trust and have a good feeling of security. Thank you all that made it possible.

What about scanning in Safe Mode & Turning Off SystemRestore
Feb 28, 2006 4:55AM PST

Hi All,

The winning post was excellent, as were the many posts to this important topic - thank you all for your collective input and expertise.

What I'm wondering is whether it should be pointed out that often scanning with anti-spyware programs and anti-virus programs in Safe Mode detects unwanted things which were not detected in normal mode?

Also, should we not point out that, prior to deleting viruses and spyware/adware one should turn off System Restore so as not to simply go back to the pre-removal point upon reboot?

Just suggestions which I have seen many times referred to in anti-spyware forums.

What do you all think?

Websurfer44

re: scanning in safe mode and turning off system restore
Feb 28, 2006 9:03AM PST

This reminds me of an incident which happened a few months ago. My computer was attacked by one of the worst adware/spyware combos. The system gave a huge warning every 2 seconds that my computer was infected and I scanned with Norton and Ewido, but to no avail!

Finally, I gave system restore a try and restored my computer to a restore point which was set two days ago. Whosh! All the viruses vanished! (almost!). Then I submitted my query to one of the most popular adware cleanup forums (this forum is really great and very helpful!): http://forums.spywareinfo.com/.

They pointed out that the viruses were still sitting in the restore points but could not harm my systems. I followed their instructions (booting and scanning for adware in safe mode, using tools like hijack this!), finally the infections permanently vanished. I was also told to delete the restore points since the viruses would also be flushed out!

I learnt my lesson and also learnt that even when your computer is infected really bad, system restore is very effective (guess this is one of the best features Microsoft came up with ever!)